CVE-2017-9987 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9987): There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack. CVE-2017-9051 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9051): libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.
@Maintainers vulnerable version is 12.1, we already have 12.2, proceed to cleanup please. Thank you
Setting back to upstream until the fixes are verified across the various branches.
(In reply to GLSAMaker/CVETool Bot from comment #0) > CVE-2017-9987 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9987): > There is a heap-based buffer overflow in the function hpel_motion in > mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote > denial of service attack. > Still open upstream: https://bugzilla.libav.org/show_bug.cgi?id=1067 > CVE-2017-9051 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9051): > libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL > pointer dereferencing in the nsv_read_chunk function in > libavformat/nsvdec.c. https://bugzilla.libav.org/show_bug.cgi?id=1039 Fixed upstream and is in 12.{1,2,3} releases.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae1063b59ef317fdc6dd640b60437f6fb143a2ac commit ae1063b59ef317fdc6dd640b60437f6fb143a2ac Author: Mikle Kolyada <zlogene@gentoo.org> AuthorDate: 2020-04-26 15:14:48 +0000 Commit: Mikle Kolyada <zlogene@gentoo.org> CommitDate: 2020-04-26 15:22:46 +0000 media-video/libav: remove last-rited pkg Closes: https://bugs.gentoo.org/show_bug.cgi?id=452482 Closes: https://bugs.gentoo.org/show_bug.cgi?id=458768 Closes: https://bugs.gentoo.org/show_bug.cgi?id=470764 Closes: https://bugs.gentoo.org/show_bug.cgi?id=499256 Closes: https://bugs.gentoo.org/show_bug.cgi?id=509974 Closes: https://bugs.gentoo.org/show_bug.cgi?id=519602 Closes: https://bugs.gentoo.org/show_bug.cgi?id=525070 Closes: https://bugs.gentoo.org/show_bug.cgi?id=555114 Closes: https://bugs.gentoo.org/show_bug.cgi?id=564040 Closes: https://bugs.gentoo.org/show_bug.cgi?id=587054 Closes: https://bugs.gentoo.org/show_bug.cgi?id=588986 Closes: https://bugs.gentoo.org/show_bug.cgi?id=701952 Closes: https://bugs.gentoo.org/show_bug.cgi?id=538790 Closes: https://bugs.gentoo.org/show_bug.cgi?id=711206 Closes: https://bugs.gentoo.org/show_bug.cgi?id=489922 Closes: https://bugs.gentoo.org/show_bug.cgi?id=409957 Closes: https://bugs.gentoo.org/show_bug.cgi?id=445854 Closes: https://bugs.gentoo.org/show_bug.cgi?id=474408 Closes: https://bugs.gentoo.org/show_bug.cgi?id=509294 Closes: https://bugs.gentoo.org/show_bug.cgi?id=522350 Closes: https://bugs.gentoo.org/show_bug.cgi?id=546080 Closes: https://bugs.gentoo.org/show_bug.cgi?id=588482 Closes: https://bugs.gentoo.org/show_bug.cgi?id=603726 Closes: https://bugs.gentoo.org/show_bug.cgi?id=694082 Closes: https://bugs.gentoo.org/show_bug.cgi?id=634102 Closes: https://bugs.gentoo.org/show_bug.cgi?id=542186 Closes: https://bugs.gentoo.org/show_bug.cgi?id=635524 Closes: https://bugs.gentoo.org/show_bug.cgi?id=651218 Closes: https://bugs.gentoo.org/show_bug.cgi?id=651220 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> media-video/libav/Manifest | 3 - media-video/libav/files/libav-12.3-x264.patch | 85 ------- media-video/libav/libav-12.3.ebuild | 350 -------------------------- media-video/libav/libav-13_pre20171219.ebuild | 336 ------------------------- media-video/libav/libav-9999.ebuild | 339 ------------------------- media-video/libav/metadata.xml | 35 --- 6 files changed, 1148 deletions(-)
